From 29e29a19e2a703e2965fa4eef7d8fa5226ab118a Mon Sep 17 00:00:00 2001
From: Chris Berkhout
Date: Thu, 12 Dec 2024 10:52:16 +0100
Subject: [PATCH] [tanium] Map extra fields, set event.kind for alerts (#12055)

- Map extra fields from the new default `threat_response` format.
- Set `event.kind` as a scalar not an array.
- Set `event.kind` to `alert` if an alert ID is present.
---
 packages/tanium/changelog.yml | 5 +
 .../_dev/test/pipeline/test-common-config.yml | 1 +
 .../test/pipeline/test-deep.log-expected.json | 10 +-
 ...-details-empty-map-value.log-expected.json | 9 +-
 .../test-new-default.log-expected.json | 9 +-
 .../test-threat-response.log-expected.json | 176 +++++-------------
 .../test/system/test-http-endpoint-config.yml | 1 +
 .../_dev/test/system/test-tcp-config.yml | 1 +
 .../elasticsearch/ingest_pipeline/default.yml | 45 ++++-
 .../threat_response/fields/fields.yml | 42 +++--
 packages/tanium/docs/README.md | 6 +
 packages/tanium/manifest.yml | 2 +-
 12 files changed, 150 insertions(+), 157 deletions(-)

diff --git a/packages/tanium/changelog.yml b/packages/tanium/changelog.yml
index 50004443541..f4b7d8d5c6e 100644
--- a/packages/tanium/changelog.yml
+++ b/packages/tanium/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.12.0"
+ changes:
+ - description: Map extra fields, set event.kind for alerts.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12055
 - version: "1.11.0"
 changes:
 - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
diff --git a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-common-config.yml b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-common-config.yml
index 62c80b53b8e..cf6047bfeb1 100644
--- a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-common-config.yml
+++ b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-common-config.yml
@@ -4,6 +4,7 @@ fields:
 - preserve_duplicate_custom_fields
 numeric_keyword_fields:
 - tanium.threat_response.id
+ - tanium.threat_response.intel_id
 - tanium.threat_response.match_details.config_id
 - tanium.threat_response.match_details.config_rev_id
 - tanium.threat_response.match_details.finding.whats.intel_intra_ids.id
diff --git a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-deep.log-expected.json b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-deep.log-expected.json
index ac3e25f8057..90c75678863 100644
--- a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-deep.log-expected.json
+++ b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-deep.log-expected.json
@@ -9,9 +9,7 @@ "category": [ "host" ], - "kind": [ - "event" - ], + "kind": "alert", "original": "{\"Alert Id\":\"00000000-0000-0000-9a55-325096b39f47\",\"Timestamp\":\"2024-12-02T16:43:02.609Z\",\"Computer Name\":\"hostname.example.com\",\"Computer IP\":\"67.43.156.65\",\"Intel Id\":714,\"Intel Type\":\"openioc\",\"Intel Name\":\"ELK - Linux Test ALert\",\"Intel Labels\":\"\",\"Match Details\":{\"match\":{\"hash\":\"01234567890123456789\",\"type\":\"port\",\"source\":\"threatresponse_database\",\"version\":1,\"properties\":{\"process\":{\"pid\":6460,\"args\":\"\\\"C:\\\\Program Files\\\\Elastic\\\\Agent\\\\data\\\\elastic-agent-8.15.0-asdfas\\\\components\\\\agentbeat.exe\\\" filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E logging.event_data.to_stderr=true -E logging.event_data.to_files=false -E http.enabled=true -E http.host=npipe:///asdfasdfasdfasdfasdfasdfasdfasdf.sock -E \\\"path.data=C:\\\\Program Files\\\\Elastic\\\\Agent\\\\data\\\\elastic-agent-8.15.0-asdfas\\\\run\\\\filestream-monitoring\\\"\",\"file\":{\"fullpath\":\"C:\\\\Program Files\\\\Elastic\\\\Agent\\\\data\\\\elastic-agent-8.15.0-25075f\\\\components\\\\agentbeat.exe\"},\"name\":\"agentbeat.exe\",\"ppid\":2536,\"user\":\"NT AUTHORITY\\\\SYSTEM\",\"start_time\":\"2024-12-01T07:33:51.000Z\",\"recorder_table_id\":\"01234567890123456\"},\"local_ip\":\"67.43.156.65\",\"remote_ip\":\"81.2.69.203\",\"local_port\":63123,\"remote_port\":443}},\"finding\":{\"whats\":[{\"source_name\":\"threatresponse_database\",\"intel_intra_ids\":[{\"id_v2\":\"1234567890123456789\"}],\"artifact_activity\":{\"relevant_actions\":[{\"target\":{\"port\":{\"process\":{\"process\":{\"pid\":6460,\"file\":{\"file\":{\"path\":\"C:\\\\Program 
Files\\\\Elastic\\\\Agent\\\\data\\\\elastic-agent-8.15.0-asdfas\\\\components\\\\agentbeat.exe\",\"signature_data\":{\"issuer\":\"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1\",\"status\":1,\"subject\":\"Elasticsearch, Inc.\"}},\"artifact_hash\":\"12345678901234567890\",\"instance_hash\":\"12345678901234562290\"},\"name\":\"agentbeat.exe\",\"user\":{\"user\":{\"name\":\"SYSTEM\",\"domain\":\"NT AUTHORITY\",\"user_id\":\"user-o-1\"}},\"parent\":{\"process\":{\"pid\":2536,\"file\":{\"file\":{\"path\":\"C:\\\\Program Files\\\\Elastic\\\\Agent\\\\data\\\\elastic-agent-8.15.0-asdfas\\\\elastic-agent.exe\",\"signature_data\":{\"issuer\":\"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1\",\"status\":1,\"subject\":\"Elasticsearch, Inc.\"}},\"artifact_hash\":\"8123456789012345678\",\"instance_hash\":\"8123456789012345678\"},\"name\":\"elastic-agent.exe\",\"user\":{\"user\":{\"name\":\"SYSTEM\",\"domain\":\"NT AUTHORITY\",\"user_id\":\"uaer-o-1\"}},\"parent\":{\"process\":{\"pid\":824,\"file\":{\"file\":{\"path\":\"C:\\\\Windows\\\\System32\\\\services.exe\",\"signature_data\":{\"status\":11}},\"artifact_hash\":\"3123456789123456789\",\"instance_hash\":\"3123456789123456789\"},\"name\":\"services.exe\",\"user\":{\"user\":{\"name\":\"SYSTEM\",\"domain\":\"NT AUTHORITY\",\"user_id\":\"user-o-1\"}},\"parent\":{\"process\":{\"pid\":680,\"file\":{\"file\":{\"path\":\"C:\\\\Windows\\\\System32\\\\wininit.exe\",\"signature_data\":{\"status\":11}},\"artifact_hash\":\"11234567890123456789\",\"instance_hash\":\"11234567890123456789\"},\"name\":\"wininit.exe\",\"user\":{\"user\":{\"name\":\"SYSTEM\",\"domain\":\"NT 
AUTHORITY\",\"user_id\":\"user-o-1\"}},\"parent\":{\"process\":{\"handles\":[],\"tanium_recorder_table_id\":\"12345678901234567\"},\"artifact_hash\":\"812345678901234567\",\"instance_hash\":\"5123456789012345678\"},\"handles\":[],\"arguments\":\"wininit.exe\",\"start_time\":\"2024-12-01T07:33:27.000Z\",\"tanium_recorder_table_id\":\"12345678901234567\"},\"artifact_hash\":\"41234567890123456789\",\"instance_hash\":\"11234567890123456789\"},\"handles\":[],\"arguments\":\"C:\\\\Windows\\\\system32\\\\services.exe\",\"start_time\":\"2024-12-01T07:33:27.000Z\",\"tanium_recorder_table_id\":\"71234567890123456\"},\"artifact_hash\":\"8123456789012345678\",\"instance_hash\":\"11234567890123456789\"},\"handles\":[],\"arguments\":\"\\\"C:\\\\Program Files\\\\Elastic\\\\Agent\\\\elastic-agent.exe\\\"\",\"start_time\":\"2024-12-01T07:33:30.000Z\",\"tanium_recorder_table_id\":\"41234567890123456\"},\"artifact_hash\":\"41234556767890123456\",\"instance_hash\":\"31234234563456734564\"},\"handles\":[],\"arguments\":\"\\\"C:\\\\Program Files\\\\Elastic\\\\Agent\\\\data\\\\elastic-agent-8.15.0-asdfas\\\\components\\\\agentbeat.exe\\\" filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E logging.event_data.to_stderr=true -E logging.event_data.to_files=false -E http.enabled=true -E http.host=npipe:///asdfasdfasdfasdfasdfasfdasdfasdf.sock -E \\\"path.data=C:\\\\Program 
Files\\\\Elastic\\\\Agent\\\\data\\\\elastic-agent-8.15.0-asdfas\\\\run\\\\filestream-monitoring\\\"\",\"start_time\":\"2024-12-01T07:33:51.000Z\",\"tanium_recorder_table_id\":\"41234567890123456\"},\"artifact_hash\":\"51234567890123455677\",\"instance_hash\":\"2123456789012345678\"},\"local_ip\":\"67.43.156.65\",\"remote_ip\":\"81.2.69.203\",\"local_port\":63123,\"remote_port\":443,\"connection_time\":\"2024-12-01T16:39:15.000Z\"},\"artifact_hash\":\"61234567890123456789\",\"instance_hash\":\"9123456789012345678\",\"is_intel_target\":true}}]}}],\"domain\":\"threatresponse\",\"hunt_id\":\"hunt:1000123\",\"intel_id\":\"731:3:8bb9caea-3c2c-487c-898c-ebbbf7e4ac55\",\"last_seen\":\"2024-12-01T16:39:19.000Z\",\"threat_id\":\"2123456789012345678\",\"finding_id\":\"5212345678901234567\",\"first_seen\":\"2024-12-01T16:39:19.000Z\",\"source_name\":\"threatresponse_database\",\"system_info\":{\"os\":\"Microsoft Windows Server 2022 Datacenter\",\"bits\":64,\"platform\":\"Windows\",\"patch_level\":\"10.0.20111.0.0\",\"build_number\":\"20321\"},\"reporting_id\":\"hunt:1000111\"},\"intel_id\":714,\"config_id\":1000111,\"config_rev_id\":1},\"MITRE Techniques\":\"[]\",\"Impact Score\":4,\"Link\":\"https://tanium.example.com/#/threatresponse/alerts?guid=b80e010f-bf27-41b8-b028-7f7eb4cbe12b\"}", "type": [ "info" @@ -42,10 +40,16 @@ ], "tanium": { "threat_response": { + "alert_id": "00000000-0000-0000-9a55-325096b39f47", "computer": { "ip": "67.43.156.65", "name": "hostname.example.com" }, + "impact_score": 4, + "intel_id": 714, + "intel_name": "ELK - Linux Test ALert", + "intel_type": "openioc", + "link": "https://tanium.example.com/#/threatresponse/alerts?guid=b80e010f-bf27-41b8-b028-7f7eb4cbe12b", "match_details": { "config_id": 1000111, "config_rev_id": 1, 
diff --git a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-match-details-empty-map-value.log-expected.json b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-match-details-empty-map-value.log-expected.json
index 55214b1ebf6..9b29de34a2a 100644
--- a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-match-details-empty-map-value.log-expected.json
+++ b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-match-details-empty-map-value.log-expected.json
@@ -9,9 +9,7 @@ "category": [ "host" ], - "kind": [ - "event" - ], + "kind": "alert", "original": "{\"Alert Id\":\"00000000-0000-0000-bff7-f47bab566416\",\"Timestamp\":\"2024-12-01T14:13:14.840Z\",\"Computer Name\":\"hostname.example.com\",\"Computer IP\":\"216.160.83.60\",\"Intel Id\":715,\"Intel Type\":\"openioc\",\"Intel Name\":\"ELK - Linux Test ALert 2 /tmp/iambadvirus.vrs\",\"Intel Labels\":\"\",\"Match Details\":{\"match\":{\"hash\":\"17609926402141399576\",\"type\":\"file\",\"source\":\"at_rest\",\"version\":1,\"properties\":{\"md5\":\"affc5518d1994201d1659890fde69ebb\",\"sha1\":\"3adbbe3ea108260e955fa9ef66355576dabb0e84\",\"sha256\":\"f2f58f9bf1732a38ff996cbfab59ef79b11b67124ed58b8764eb6985d096a23a\",\"fullpath\":\"/tmp/iambadvirus.vrs\"}},\"finding\":{\"whats\":[{\"source_name\":\"at_rest\",\"intel_intra_ids\":[{\"id_v2\":\"51234567891234567890\"}],\"artifact_activity\":{\"relevant_actions\":[{\"target\":{\"file\":{\"hash\":{\"md5\":\"affc5518d1994201d1659890fde69ebb\",\"sha1\":\"3adbbe3ea108260e955fa9ef66355576dabb0e84\",\"sha256\":\"f2f58f9bf1732a38ff996cbfab59ef79b11b67124ed58b8764eb6985d096a23a\"},\"path\":\"/tmp/iambadvirus.vrs\",\"size_bytes\":{},\"magic_number_hex\":{},\"modification_time\":\"2024-12-01T20:25:32.000Z\",\"instance_hash_salt\":\"5432\"},\"artifact_hash\":\"61234567890123456789\",\"instance_hash\":\"7123456778980123456\",\"is_intel_target\":true}}]}}],\"domain\":\"threatresponse\",\"hunt_id\":\"hunt:1000123\",\"intel_id\":\"715:4:8de17746-8210-4ab3-87d2-221ffa7e5dc0\",\"last_seen\":\"2024-12-04T14:10:17.000Z\",\"threat_id\":\"51234567890123456789\",\"finding_id\":\"6123456788901234567\",\"first_seen\":\"2024-12-01T14:10:17.000Z\",\"source_name\":\"at_rest\",\"system_info\":{\"os\":\"Rocky Linux release 9.4 (Blue Onyx)\",\"bits\":64,\"platform\":\"Linux\"},\"reporting_id\":\"hunt:1000123\"},\"intel_id\":715,\"config_id\":1000123,\"config_rev_id\":1},\"MITRE Techniques\":\"[]\",\"Impact 
Score\":\"\",\"Link\":\"https://tanium.hostname.example.com/#/threatresponse/alerts?guid=00000000-0000-0000-bff7-f47bab566416\"}", "type": [ "info" @@ -47,10 +45,15 @@ ], "tanium": { "threat_response": { + "alert_id": "00000000-0000-0000-bff7-f47bab566416", "computer": { "ip": "216.160.83.60", "name": "hostname.example.com" }, + "intel_id": 715, + "intel_name": "ELK - Linux Test ALert 2 /tmp/iambadvirus.vrs", + "intel_type": "openioc", + "link": "https://tanium.hostname.example.com/#/threatresponse/alerts?guid=00000000-0000-0000-bff7-f47bab566416", "match_details": { "config_id": 1000123, "config_rev_id": 1, diff --git a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-new-default.log-expected.json b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-new-default.log-expected.json index 71a62edc0c1..3f0a7047111 100644 --- a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-new-default.log-expected.json +++ b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-new-default.log-expected.json 
@@ -9,9 +9,7 @@ "category": [ "host" ], - "kind": [ - "event" - ], + "kind": "alert", "original": "{\"Alert Id\":\"00000000-0000-0000-a8b0-00cd73a5b9d0\",\"Timestamp\":\"2024-12-01T14:20:00.370Z\",\"Computer Name\":\"hostname.example.com\",\"Computer IP\":\"216.160.83.60\",\"Intel Id\":715,\"Intel Type\":\"openioc\",\"Intel Name\":\"ELK - Linux Test ALert 2 /tmp/iambadvirus.vrs\",\"Intel Labels\":\"\",\"Match Details\":{\"match\":{\"hash\":\"61234567890123456789\",\"type\":\"file\",\"source\":\"at_rest\",\"version\":1,\"properties\":{\"md5\":\"02addf15dea00c97050cc5f08d095e65\",\"sha1\":\"8290fd02d831086c007e95e9ee07481337f4dcef\",\"size\":\"69\",\"sha256\":\"b62aff44a248c9934fc9c0daefe3926c347a260bdb4ef59d0a77e6db4be9c786\",\"fullpath\":\"/tmp/verybadvirus.vrs\"}},\"finding\":{\"whats\":[{\"source_name\":\"at_rest\",\"intel_intra_ids\":[{\"id_v2\":\"11234567890123456789\"}],\"artifact_activity\":{\"relevant_actions\":[{\"target\":{\"file\":{\"hash\":{\"md5\":\"02addf15dea00c97050cc5f08d095e65\",\"sha1\":\"8290fd02d831086c007e95e9ee07481337f4dcef\",\"sha256\":\"b62aff44a248c9934fc9c0daefe3926c347a260bdb4ef59d0a77e6db4be9c786\"},\"path\":\"/tmp/verybadvirus.vrs\",\"size_bytes\":\"69\",\"magic_number_hex\":\"23098420\",\"modification_time\":\"2024-12-01T17:42:10.000Z\",\"instance_hash_salt\":\"1234\"},\"artifact_hash\":\"61234567890123456789\",\"instance_hash\":\"1123456789012345678\",\"is_intel_target\":true}}]}}],\"domain\":\"threatresponse\",\"hunt_id\":\"hunt:1000123\",\"intel_id\":\"715:4:b70b41e7-e698-451a-a7e8-b7524a6e6c3c\",\"last_seen\":\"2024-12-01T14:15:25.000Z\",\"threat_id\":\"56112345667882345566\",\"finding_id\":\"712345678901234567\",\"first_seen\":\"2024-12-01T14:15:25.000Z\",\"source_name\":\"at_rest\",\"system_info\":{\"os\":\"Rocky Linux release 9.4 (Blue Onyx)\",\"bits\":64,\"platform\":\"Linux\"},\"reporting_id\":\"hunt:1000123\"},\"intel_id\":715,\"config_id\":1000123,\"config_rev_id\":1},\"MITRE Techniques\":\"[]\",\"Impact 
Score\":\"\",\"Link\":\"https://tanium.example.com/#/threatresponse/alerts?guid=00000000-0000-0000-a8b0-00cd73a5b9d0\"}", "type": [ "info" @@ -47,10 +45,15 @@ ], "tanium": { "threat_response": { + "alert_id": "00000000-0000-0000-a8b0-00cd73a5b9d0", "computer": { "ip": "216.160.83.60", "name": "hostname.example.com" }, + "intel_id": 715, + "intel_name": "ELK - Linux Test ALert 2 /tmp/iambadvirus.vrs", + "intel_type": "openioc", + "link": "https://tanium.example.com/#/threatresponse/alerts?guid=00000000-0000-0000-a8b0-00cd73a5b9d0", "match_details": { "config_id": 1000123, "config_rev_id": 1, diff --git a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json index 6332c38e938..c9831a786d1 100644 --- a/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json +++ b/packages/tanium/data_stream/threat_response/_dev/test/pipeline/test-threat-response.log-expected.json @@ -10,9 +10,7 @@ "host" ], "id": "1181", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"id\":1181,\"table\":\"LiveConnection\",\"rowId\":null,\"revision\":null,\"state\":\"{\\\"connectionId\\\":\\\"remote:worker-1:2471612214:2\\\",\\\"target\\\":{\\\"hostname\\\":\\\"worker-2\\\",\\\"eid\\\":\\\"3\\\"},\\\"sessionId\\\":\\\"bdb90d9c-7165-48f0-b445-2876a12cbc06\\\"}\",\"userId\":5,\"userName\":\"tanium\",\"action\":\"create\",\"createdAt\":\"2022-12-28T09:49:16.002Z\",\"updatedAt\":\"2022-12-28T09:49:16.002Z\"}", "type": [ "info" 
@@ -70,9 +68,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"name=Netsh WLAN Discovery|source=Tanium Signals|type=tanium-signal 1.0|payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -355,9 +351,7 @@ "host" ], "id": "00000000-0000-0000-5371-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-3\",\"Event Id\":\"00000000-0000-0000-5371-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -626,9 +620,7 @@ "host" ], "id": "00000000-0000-0000-5372-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-4\",\"Event Id\":\"00000000-0000-0000-5372-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"name=Windows Remote Access Dialer Proxy Execution|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" 
@@ -689,9 +681,7 @@ "host" ], "id": "00000000-0000-0000-5373-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5373-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"name=Netsh WLAN Discovery|source=Tanium Signals|type=tanium-signal 1.0|payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -965,9 +955,7 @@ "host" ], "id": "00000000-0000-0000-5370-4b574d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-6\",\"Event Id\":\"00000000-0000-0000-5370-4b574d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"name=Netsh WLAN Discovery|source=Tanium Signals|type=tanium-signal 1.0|payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -1241,9 +1229,7 @@ "host" ], "id": "00000000-0000-0000-5890-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5890-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" 
@@ -1512,9 +1498,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a374d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-8\",\"Event Id\":\"00000000-0000-0000-5370-4a374d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -1783,9 +1767,7 @@ "host" ], "id": "00000000-0000-0000-5389-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5389-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:13:28.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -2054,9 +2036,7 @@ "host" ], "id": "00000000-0000-0000-5376-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5376-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" 
@@ -2325,9 +2305,7 @@ "host" ], "id": "00000000-0000-0000-5398-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-4\",\"Event Id\":\"00000000-0000-0000-5398-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:45:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" 
@@ -2596,9 +2574,7 @@ "host" ], "id": "00000000-0000-0034-5399-4a275h06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0034-5399-4a275h06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=eyJpbnRlbF9pZCI6MTM1LCJjb25maWdfaWQiOjMsImNvbmZpZ19yZXZfaWQiOjEsImZpbmRpbmciOnsid2hhdHMiOlt7ImludGVsX2ludHJhX2lkcyI6W3siaWQiOjg1MDM5NDU4Mn0seyJpZCI6OTgzOTYyMTkzfSx7ImlkIjoyNjY3MDYyMDA2fSx7ImlkIjozMzk4NDE2ODc4fSx7ImlkIjozOTk5MDE0NDY1fV0sInNvdXJjZV9uYW1lIjoicmVjb3JkZXIiLCJhcnRpZmFjdF9hY3Rpdml0eSI6eyJyZWxldmFudF9hY3Rpb25zIjpbeyJ2ZXJiIjo2LCJ0YXJnZXQiOnsiZmlsZSI6eyJwYXRoIjoiL3Zhci9saWIvZG9ja2VyL292ZXJsYXkyLzJiY2ZmYjdmMGQ2YTNmMzdhNjE5OWNhNjkxNjQ5ZWE0OTM1OGEyYzJlODdmMzkyMDI1NjJlNTBlYjVjZDI4MDUvZGlmZi9ldGMvaG9zdHMiLCJoYXNoIjp7Im1kNSI6IjRkMWYxMjU3Yjg0NmJkYTgyZDAzMzhmYjU0MWU3MzAxIiwic2hhMSI6IjA0M2ViMzI0YTY1MzQ1NmNhYTFhNzNlMmUyZDQ5Zjc3NzkyYmIwYzUiLCJzaGEyNTYiOiJlMzk5OGRiZTAyYjUxZGFkYTMzZGU4N2FlNDNkMThhOTNhYjY5MTViOWUzNGY1YTc1MWJmMmI5YjI1YTU1NDkyIn0sInNpemVfYnl0ZXMiOiI3OSIsIm1vZGlmaWNhdGlvbl90aW1lIjoiMjAyMi0wOS0xMVQyMDowODoyNi4wMDBaIiwiaW5zdGFuY2VfaGFzaF9zYWx0IjoiMzAxNDc2NyIsIm1hZ2ljX251bWJlcl9oZXgiOiIzMTMyMzcyZSJ9LCJpbnN0YW5jZV9oYXNoIjoiOTY2NzAxNzM0NTE1MDk2ODM0MiIsImFydGlmYWN0X2hhc2giOiIxMDUzODAwNDU2MTA2MjQ5MDYifSwidGltZXN0YW1wIjoiMjAyMy0wMS0xOFQxMDozNzoxOC4wMDBaIiwidGFuaXVtX3JlY29yZGVyX2V2ZW50X3RhYmxlX2lkIjoiNDYxMTY4NjAxODQ3NTg1NTY3MiIsInRhbml1bV9yZWNvcmRlcl9jb250ZXh0Ijp7ImZpbGUiOnsidW5pcXVlX2V2ZW50X2lkIjoiNDYxMTY4NjAxODQ3NTg1NTY3MiJ9LCJldmVudCI6eyJ0aW1lc3RhbXBfbXMiOiIxNjc0MDM4MjM4NzgwIiwiZmlsZV9jcmVhdGUiOnsicGF0aCI6Ii92YXIvbGliL2RvY2tlci9vdmVybGF5Mi8yYmNmZmI3ZjBkNmEzZjM3YTYxOTljYTY5MTY0OWVhNDkzNThhMmMyZTg3ZjM5MjAyNTYyZTUwZWI1Y2QyODA1L2RpZmYvZXRjL2hvc3RzIn19fX1dLCJhY3RpbmdfYXJ0aWZhY3QiOnsicHJvY2VzcyI6eyJoYW5kbGVzIjpbXSwicGlkIjo0MzE4MSwiYXJndW1lbnRzIjoiZG9ja2VyLXVudGFyIC8gL3Zhci9saWIvZG9ja2VyL292ZXJsYXkyLzJiY2ZmYjdmMGQ2YTNmMzdhNjE5OWNhNjkxNjQ5ZWE0OTM1OGEyYzJlODdm
MzkyMDI1NjJlNTBlYjVjZDI4MDUvZGlmZiIsImZpbGUiOnsiZmlsZSI6eyJwYXRoIjoiL3Byb2Mvc2VsZi9leGUifSwiaW5zdGFuY2VfaGFzaCI6IjEzMTY0NjgzMDA4MzA4NzMzMjM2IiwiYXJ0aWZhY3RfaGFzaCI6IjEzMTY0NjgzMDA4MzA4NzMzMjM2In0sInVzZXIiOnsidXNlciI6eyJuYW1lIjoicm9vdCIsImRvbWFpbiI6InJvb3QiLCJ1c2VyX2lkIjoiMCIsImdyb3VwX2lkIjoiMCJ9fSwicGFyZW50Ijp7InByb2Nlc3MiOnsiaGFuZGxlcyI6W10sInBpZCI6MjA1OCwiYXJndW1lbnRzIjoiL3Vzci9iaW4vZG9ja2VyZCAtSCBmZDovLyAtLWNvbnRhaW5lcmQ9L3J1bi9jb250YWluZXJkL2NvbnRhaW5lcmQuc29jayIsImZpbGUiOnsiZmlsZSI6eyJwYXRoIjoiL3Vzci9iaW4vZG9ja2VyZCJ9LCJpbnN0YW5jZV9oYXNoIjoiMTY3ODgxMjYwMTcwOTA1NzEyOTEiLCJhcnRpZmFjdF9oYXNoIjoiMTY3ODgxMjYwMTcwOTA1NzEyOTEifSwidXNlciI6eyJ1c2VyIjp7Im5hbWUiOiJyb290IiwiZG9tYWluIjoicm9vdCIsInVzZXJfaWQiOiI2MDE4ODI2MzA1ODc2NzIzMjY5In19LCJwYXJlbnQiOnsicHJvY2VzcyI6eyJoYW5kbGVzIjpbXSwicGlkIjoxLCJhcmd1bWVudHMiOiIvc2Jpbi9pbml0IiwiZmlsZSI6eyJmaWxlIjp7InBhdGgiOiIvbGliL3N5c3RlbWQvc3lzdGVtZCIsImhhc2giOnsibWQ1IjoiYWM4YjI3Y2U2NjQxY2JhNGVkMmM1ZTc2MmYwNDE5ODYifX0sImluc3RhbmNlX2hhc2giOiIxMzE4Nzc2NjQ1NjAwNzA3MjAxOSIsImFydGlmYWN0X2hhc2giOiIxMzE4Nzc2NjQ1NjAwNzA3MjAxOSJ9LCJ1c2VyIjp7InVzZXIiOnsibmFtZSI6InJvb3QiLCJkb21haW4iOiJyb290IiwidXNlcl9pZCI6IjYwMTg4MjYzMDU4NzY3MjMyNjkifX0sInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ0OjAyLjAwMFoiLCJ0YW5pdW1fdW5pcXVlX2lkIjoiMTE1MjkyNTY2NDI4MjY3MzE1MjEifSwiaW5zdGFuY2VfaGFzaCI6IjMxOTY5NjQ4NTI4NTE4ODUzOSIsImFydGlmYWN0X2hhc2giOiI0NzE0OTAwMTk0MTgwNTMxODM2In0sInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ2OjI0LjAwMFoiLCJ0YW5pdW1fdW5pcXVlX2lkIjoiMTE1Mjk4NjQzMjkxNTk1MTAwMjYifSwiaW5zdGFuY2VfaGFzaCI6IjE3MTMyMTc2Mjk2OTI2MTcwMDY4IiwiYXJ0aWZhY3RfaGFzaCI6IjExNzE1NTUyOTUwODYxMDU3MTc3In0sInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTE4VDEwOjM3OjE4LjAwMFoiLCJ0YW5pdW1fdW5pcXVlX2lkIjoiMTQxNTYwNDI1NzY5OTM0OTUyMTMifSwiaW5zdGFuY2VfaGFzaCI6IjExODg2MzgxNjYzMjk0ODAzMDg2IiwiYXJ0aWZhY3RfaGFzaCI6IjQwMDE0NTA1MTc3OTQzNzAzMjAiLCJpc19pbnRlbF90YXJnZXQiOnRydWV9fX1dLCJkb21haW4iOiJ0aHJlYXRyZXNwb25zZSIsImludGVsX2lkIjoiMTM1OjE6N2I4OWFjMzUtM2U5My00MGZjLWIxNDItYjE5OTk0ZjI4NDMwIiwiaHVudF9pZCI6IjMiLCJ0aHJlYXRfaWQiOiI4NTAz
OTQ1ODIsOTgzOTYyMTkzLDI2NjcwNjIwMDYsMzM5ODQxNjg3OCwzOTk5MDE0NDY1Iiwic291cmNlX25hbWUiOiJyZWNvcmRlciIsInN5c3RlbV9pbmZvIjp7Im9zIjoiXCJVYnVudHUgMTguMDQuNiBMVFNcIiIsImJpdHMiOjY0LCJwbGF0Zm9ybSI6IkxpbnV4In0sImZpcnN0X3NlZW4iOiIyMDIzLTAxLTE4VDEwOjM3OjM2LjAwMFoiLCJsYXN0X3NlZW4iOiIyMDIzLTAxLTE4VDEwOjM3OjM2LjAwMFoiLCJmaW5kaW5nX2lkIjoiNjc4Nzk4NzAxMTUzMTc1NjE2NSIsInJlcG9ydGluZ19pZCI6InJlcG9ydGluZy1pZC1wbGFjZWhvbGRlciJ9LCJtYXRjaCI6eyJ2ZXJzaW9uIjoxLCJ0eXBlIjoicHJvY2VzcyIsInNvdXJjZSI6InJlY29yZGVyIiwiaGFzaCI6IjQwMDE0NTA1MTc3OTQzNzAzMjAiLCJwcm9wZXJ0aWVzIjp7InBpZCI6NDMxODEsImFyZ3MiOiJkb2NrZXItdW50YXIgLyAvdmFyL2xpYi9kb2NrZXIvb3ZlcmxheTIvMmJjZmZiN2YwZDZhM2YzN2E2MTk5Y2E2OTE2NDllYTQ5MzU4YTJjMmU4N2YzOTIwMjU2MmU1MGViNWNkMjgwNS9kaWZmIiwicmVjb3JkZXJfdW5pcXVlX2lkIjoiMTQxNTYwNDI1NzY5OTM0OTUyMTMiLCJzdGFydF90aW1lIjoiMjAyMy0wMS0xOFQxMDozNzoxOC4wMDBaIiwicHBpZCI6MjA1OCwidXNlciI6InJvb3RcXHJvb3QiLCJmaWxlIjp7ImZ1bGxwYXRoIjoiL3Byb2Mvc2VsZi9leGUifSwibmFtZSI6Ii9wcm9jL3NlbGYvZXhlIiwicGFyZW50Ijp7InBpZCI6MjA1OCwiYXJncyI6Ii91c3IvYmluL2RvY2tlcmQgLUggZmQ6Ly8gLS1jb250YWluZXJkPS9ydW4vY29udGFpbmVyZC9jb250YWluZXJkLnNvY2siLCJyZWNvcmRlcl91bmlxdWVfaWQiOiIxMTUyOTg2NDMyOTE1OTUxMDAyNiIsInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ2OjI0LjAwMFoiLCJwcGlkIjoxLCJ1c2VyIjoicm9vdFxccm9vdCIsImZpbGUiOnsiZnVsbHBhdGgiOiIvdXNyL2Jpbi9kb2NrZXJkIn0sIm5hbWUiOiIvdXNyL2Jpbi9kb2NrZXJkIiwicGFyZW50Ijp7InBpZCI6MSwiYXJncyI6Ii9zYmluL2luaXQiLCJyZWNvcmRlcl91bmlxdWVfaWQiOiIxMTUyOTI1NjY0MjgyNjczMTUyMSIsInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ0OjAyLjAwMFoiLCJ1c2VyIjoicm9vdFxccm9vdCIsImZpbGUiOnsibWQ1IjoiYWM4YjI3Y2U2NjQxY2JhNGVkMmM1ZTc2MmYwNDE5ODYiLCJmdWxscGF0aCI6Ii9saWIvc3lzdGVtZC9zeXN0ZW1kIn0sIm5hbWUiOiIvbGliL3N5c3RlbWQvc3lzdGVtZCJ9fX0sImNvbnRleHRzIjpbeyJmaWxlIjp7InVuaXF1ZUV2ZW50SWQiOiI0NjExNjg2MDE4NDc1ODU1NjcyIn0sImV2ZW50Ijp7InRpbWVzdGFtcE1zIjoiMTY3NDAzODIzODc4MCIsImZpbGVDcmVhdGUiOnsicGF0aCI6Ii92YXIvbGliL2RvY2tlci9vdmVybGF5Mi8yYmNmZmI3ZjBkNmEzZjM3YTYxOTljYTY5MTY0OWVhNDkzNThhMmMyZTg3ZjM5MjAyNTYyZTUwZWI1Y2QyODA1L2RpZmYvZXRjL2hvc3RzIn19fV19fQ==\",\"Priority\":
\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:34:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -2867,9 +2843,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d09f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-7\",\"Event Id\":\"00000000-0000-0000-5370-4a274d09f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:45:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -3138,9 +3112,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f5tc", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.112\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f5tc\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:43:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -3409,9 +3381,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.112\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:44:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" 
@@ -3680,9 +3650,7 @@ "host" ], "id": "00000000-0000-0000-5370-4nb74d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.128\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5370-4nb74d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"123\",\"User Name\":\"\"}", "type": [ "info" @@ -3956,9 +3924,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.128\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4ec\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:55:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"123\",\"User Name\":\"\"}", "type": [ "info" @@ -4232,9 +4198,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4vf", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.128\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4vf\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:58:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"123\",\"User Name\":\"\"}", "type": [ "info" 
@@ -4508,9 +4472,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4bh", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.112\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4bh\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:45:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"123\",\"User Name\":\"\"}", "type": [ "info" @@ -4784,9 +4746,7 @@ "host" ], "id": "1179", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"id\":1179,\"table\":\"LiveConnection\",\"rowId\":null,\"revision\":null,\"state\":\"{\\\"connectionId\\\":\\\"remote:worker-1:2471612214:2\\\",\\\"target\\\":{\\\"hostname\\\":\\\"worker-2\\\",\\\"eid\\\":\\\"3\\\"},\\\"sessionId\\\":\\\"bdb90d9c-7165-48f0-b445-2876a12cbc06\\\"}\",\"userId\":2,\"userName\":\"tanium\",\"action\":\"create\",\"createdAt\":\"2022-12-28T09:49:16.002Z\",\"updatedAt\":\"2022-12-28T09:49:16.002Z\"}", "type": [ "info" @@ -4844,9 +4804,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4nb", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.128\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4nb\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"657\",\"User Name\":\"\"}", "type": [ "info" 
@@ -5120,9 +5078,7 @@ "host" ], "id": "1179", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"id\":1179,\"table\":\"LiveConnection\",\"rowId\":null,\"revision\":null,\"state\":\"{\\\"connectionId\\\":\\\"remote:worker-1:2471612214:2\\\",\\\"target\\\":{\\\"hostname\\\":\\\"worker-2\\\",\\\"eid\\\":\\\"3\\\"},\\\"sessionId\\\":\\\"bdb90d9c-7165-48f0-b445-2876a12cbc06\\\"}\",\"userId\":2,\"userName\":\"tanium\",\"action\":\"update\",\"createdAt\":\"2022-12-28T09:49:16.002Z\",\"updatedAt\":\"2022-12-28T09:49:16.002Z\"}", "type": [ "info" @@ -5180,9 +5136,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4jh", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.112\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4jh\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:40:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"657\",\"User Name\":\"\"}", "type": [ "info" @@ -5456,9 +5410,7 @@ "host" ], "id": "1180", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"id\":1180,\"table\":\"LiveConnection\",\"rowId\":null,\"revision\":null,\"state\":\"{\\\"connectionId\\\":\\\"remote:worker-1:2471612214:2\\\",\\\"target\\\":{\\\"hostname\\\":\\\"worker-2\\\",\\\"eid\\\":\\\"3\\\"},\\\"sessionId\\\":\\\"bdb90d9c-7165-48f0-b445-2876a12cbc06\\\"}\",\"userId\":2,\"userName\":\"tanium\",\"action\":\"create\",\"createdAt\":\"2022-12-28T09:49:16.002Z\",\"updatedAt\":\"2022-12-28T09:49:16.002Z\"}", "type": [ "info" 
@@ -5516,9 +5468,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4bh", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.128\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4bh\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T11:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"657\",\"User Name\":\"\"}", "type": [ "info" @@ -5792,9 +5742,7 @@ "host" ], "id": "1181", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"id\":1181,\"table\":\"LiveConnection\",\"rowId\":null,\"revision\":null,\"state\":\"{\\\"connectionId\\\":\\\"remote:worker-1:2471612214:2\\\",\\\"target\\\":{\\\"hostname\\\":\\\"worker-2\\\",\\\"eid\\\":\\\"3\\\"},\\\"sessionId\\\":\\\"bdb90d9c-7165-48f0-b445-2876a12cbc06\\\"}\",\"userId\":5,\"userName\":\"tanium\",\"action\":\"create\",\"createdAt\":\"2022-12-28T09:49:16.002Z\",\"updatedAt\":\"2022-12-28T09:49:16.002Z\"}", "type": [ "info" @@ -5852,9 +5800,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4bh", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"89.160.20.128\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4bh\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:45.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"879\",\"User Name\":\"\"}", "type": [ "info" 
@@ -6128,9 +6074,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06h5ty", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06h5ty\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"name=Windows Remote Access Dialer Proxy Execution|source=Tanium Signals|type=tanium-signal 1.0|payload=eyJpbnRlbF9pZCI6MTM1LCJjb25maWdfaWQiOjMsImNvbmZpZ19yZXZfaWQiOjEsImZpbmRpbmciOnsid2hhdHMiOlt7ImludGVsX2ludHJhX2lkcyI6W3siaWQiOjg1MDM5NDU4Mn0seyJpZCI6OTgzOTYyMTkzfSx7ImlkIjoyNjY3MDYyMDA2fSx7ImlkIjozMzk4NDE2ODc4fSx7ImlkIjozOTk5MDE0NDY1fV0sInNvdXJjZV9uYW1lIjoicmVjb3JkZXIiLCJhcnRpZmFjdF9hY3Rpdml0eSI6eyJyZWxldmFudF9hY3Rpb25zIjpbeyJ2ZXJiIjo2LCJ0YXJnZXQiOnsiZmlsZSI6eyJwYXRoIjoiL3Zhci9saWIvZG9ja2VyL292ZXJsYXkyLzJiY2ZmYjdmMGQ2YTNmMzdhNjE5OWNhNjkxNjQ5ZWE0OTM1OGEyYzJlODdmMzkyMDI1NjJlNTBlYjVjZDI4MDUvZGlmZi9ldGMvaG9zdHMiLCJoYXNoIjp7Im1kNSI6IjRkMWYxMjU3Yjg0NmJkYTgyZDAzMzhmYjU0MWU3MzAxIiwic2hhMSI6IjA0M2ViMzI0YTY1MzQ1NmNhYTFhNzNlMmUyZDQ5Zjc3NzkyYmIwYzUiLCJzaGEyNTYiOiJlMzk5OGRiZTAyYjUxZGFkYTMzZGU4N2FlNDNkMThhOTNhYjY5MTViOWUzNGY1YTc1MWJmMmI5YjI1YTU1NDkyIn0sInNpemVfYnl0ZXMiOiI3OSIsIm1vZGlmaWNhdGlvbl90aW1lIjoiMjAyMi0wOS0xMVQyMDowODoyNi4wMDBaIiwiaW5zdGFuY2VfaGFzaF9zYWx0IjoiMzAxNDc2NyIsIm1hZ2ljX251bWJlcl9oZXgiOiIzMTMyMzcyZSJ9LCJpbnN0YW5jZV9oYXNoIjoiOTY2NzAxNzM0NTE1MDk2ODM0MiIsImFydGlmYWN0X2hhc2giOiIxMDUzODAwNDU2MTA2MjQ5MDYifSwidGltZXN0YW1wIjoiMjAyMy0wMS0xOFQxMDozNzoxOC4wMDBaIiwidGFuaXVtX3JlY29yZGVyX2V2ZW50X3RhYmxlX2lkIjoiNDYxMTY4NjAxODQ3NTg1NTY3MiIsInRhbml1bV9yZWNvcmRlcl9jb250ZXh0Ijp7ImZpbGUiOnsidW5pcXVlX2V2ZW50X2lkIjoiNDYxMTY4NjAxODQ3NTg1NTY3MiJ9LCJldmVudCI6eyJ0aW1lc3RhbXBfbXMiOiIxNjc0MDM4MjM4NzgwIiwiZmlsZV9jcmVhdGUiOnsicGF0aCI6Ii92YXIvbGliL2RvY2tlci9vdmVybGF5Mi8yYmNmZmI3ZjBkNmEzZjM3YTYxOTljYTY5MTY0OWVhNDkzNThhMmMyZTg3ZjM5MjAyNTYyZTUwZWI1Y2QyODA1L2RpZmYvZXRjL2hvc3RzIn19fX1dLCJhY3RpbmdfYXJ0aWZhY3QiOnsicHJvY2VzcyI6eyJoYW5kbGVzIjpbXSwicGlkIjo0MzE4MSwiYXJndW1lbnRzIjoiZG9ja2VyLXVudGFyI
C8gL3Zhci9saWIvZG9ja2VyL292ZXJsYXkyLzJiY2ZmYjdmMGQ2YTNmMzdhNjE5OWNhNjkxNjQ5ZWE0OTM1OGEyYzJlODdmMzkyMDI1NjJlNTBlYjVjZDI4MDUvZGlmZiIsImZpbGUiOnsiZmlsZSI6eyJwYXRoIjoiL3Byb2Mvc2VsZi9leGUifSwiaW5zdGFuY2VfaGFzaCI6IjEzMTY0NjgzMDA4MzA4NzMzMjM2IiwiYXJ0aWZhY3RfaGFzaCI6IjEzMTY0NjgzMDA4MzA4NzMzMjM2In0sInVzZXIiOnsidXNlciI6eyJuYW1lIjoicm9vdCIsImRvbWFpbiI6InJvb3QiLCJ1c2VyX2lkIjoiMCIsImdyb3VwX2lkIjoiMCJ9fSwicGFyZW50Ijp7InByb2Nlc3MiOnsiaGFuZGxlcyI6W10sInBpZCI6MjA1OCwiYXJndW1lbnRzIjoiL3Vzci9iaW4vZG9ja2VyZCAtSCBmZDovLyAtLWNvbnRhaW5lcmQ9L3J1bi9jb250YWluZXJkL2NvbnRhaW5lcmQuc29jayIsImZpbGUiOnsiZmlsZSI6eyJwYXRoIjoiL3Vzci9iaW4vZG9ja2VyZCJ9LCJpbnN0YW5jZV9oYXNoIjoiMTY3ODgxMjYwMTcwOTA1NzEyOTEiLCJhcnRpZmFjdF9oYXNoIjoiMTY3ODgxMjYwMTcwOTA1NzEyOTEifSwidXNlciI6eyJ1c2VyIjp7Im5hbWUiOiJyb290IiwiZG9tYWluIjoicm9vdCIsInVzZXJfaWQiOiI2MDE4ODI2MzA1ODc2NzIzMjY5In19LCJwYXJlbnQiOnsicHJvY2VzcyI6eyJoYW5kbGVzIjpbXSwicGlkIjoxLCJhcmd1bWVudHMiOiIvc2Jpbi9pbml0IiwiZmlsZSI6eyJmaWxlIjp7InBhdGgiOiIvbGliL3N5c3RlbWQvc3lzdGVtZCIsImhhc2giOnsibWQ1IjoiYWM4YjI3Y2U2NjQxY2JhNGVkMmM1ZTc2MmYwNDE5ODYifX0sImluc3RhbmNlX2hhc2giOiIxMzE4Nzc2NjQ1NjAwNzA3MjAxOSIsImFydGlmYWN0X2hhc2giOiIxMzE4Nzc2NjQ1NjAwNzA3MjAxOSJ9LCJ1c2VyIjp7InVzZXIiOnsibmFtZSI6InJvb3QiLCJkb21haW4iOiJyb290IiwidXNlcl9pZCI6IjYwMTg4MjYzMDU4NzY3MjMyNjkifX0sInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ0OjAyLjAwMFoiLCJ0YW5pdW1fdW5pcXVlX2lkIjoiMTE1MjkyNTY2NDI4MjY3MzE1MjEifSwiaW5zdGFuY2VfaGFzaCI6IjMxOTY5NjQ4NTI4NTE4ODUzOSIsImFydGlmYWN0X2hhc2giOiI0NzE0OTAwMTk0MTgwNTMxODM2In0sInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ2OjI0LjAwMFoiLCJ0YW5pdW1fdW5pcXVlX2lkIjoiMTE1Mjk4NjQzMjkxNTk1MTAwMjYifSwiaW5zdGFuY2VfaGFzaCI6IjE3MTMyMTc2Mjk2OTI2MTcwMDY4IiwiYXJ0aWZhY3RfaGFzaCI6IjExNzE1NTUyOTUwODYxMDU3MTc3In0sInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTE4VDEwOjM3OjE4LjAwMFoiLCJ0YW5pdW1fdW5pcXVlX2lkIjoiMTQxNTYwNDI1NzY5OTM0OTUyMTMifSwiaW5zdGFuY2VfaGFzaCI6IjExODg2MzgxNjYzMjk0ODAzMDg2IiwiYXJ0aWZhY3RfaGFzaCI6IjQwMDE0NTA1MTc3OTQzNzAzMjAiLCJpc19pbnRlbF90YXJnZXQiOnRydWV9fX1dLCJkb21haW4iOiJ0aHJlYXRyZXNwb25zZSIsImludGVsX2lkIjoiMTM1O
jE6N2I4OWFjMzUtM2U5My00MGZjLWIxNDItYjE5OTk0ZjI4NDMwIiwiaHVudF9pZCI6IjMiLCJ0aHJlYXRfaWQiOiI4NTAzOTQ1ODIsOTgzOTYyMTkzLDI2NjcwNjIwMDYsMzM5ODQxNjg3OCwzOTk5MDE0NDY1Iiwic291cmNlX25hbWUiOiJyZWNvcmRlciIsInN5c3RlbV9pbmZvIjp7Im9zIjoiXCJVYnVudHUgMTguMDQuNiBMVFNcIiIsImJpdHMiOjY0LCJwbGF0Zm9ybSI6IkxpbnV4In0sImZpcnN0X3NlZW4iOiIyMDIzLTAxLTE4VDEwOjM3OjM2LjAwMFoiLCJsYXN0X3NlZW4iOiIyMDIzLTAxLTE4VDEwOjM3OjM2LjAwMFoiLCJmaW5kaW5nX2lkIjoiNjAwNTkxMzExMDczMTc0ODU4NyIsInJlcG9ydGluZ19pZCI6InJlcG9ydGluZy1pZC1wbGFjZWhvbGRlciJ9LCJtYXRjaCI6eyJ2ZXJzaW9uIjoxLCJ0eXBlIjoicHJvY2VzcyIsInNvdXJjZSI6InJlY29yZGVyIiwiaGFzaCI6IjQwMDE0NTA1MTc3OTQzNzAzMjAiLCJwcm9wZXJ0aWVzIjp7InBpZCI6NDMxODEsImFyZ3MiOiJkb2NrZXItdW50YXIgLyAvdmFyL2xpYi9kb2NrZXIvb3ZlcmxheTIvMmJjZmZiN2YwZDZhM2YzN2E2MTk5Y2E2OTE2NDllYTQ5MzU4YTJjMmU4N2YzOTIwMjU2MmU1MGViNWNkMjgwNS9kaWZmIiwicmVjb3JkZXJfdW5pcXVlX2lkIjoiMTQxNTYwNDI1NzY5OTM0OTUyMTMiLCJzdGFydF90aW1lIjoiMjAyMy0wMS0xOFQxMDozNzoxOC4wMDBaIiwicHBpZCI6MjA1OCwidXNlciI6InJvb3RcXHJvb3QiLCJmaWxlIjp7ImZ1bGxwYXRoIjoiL3Byb2Mvc2VsZi9leGUifSwibmFtZSI6Ii9wcm9jL3NlbGYvZXhlIiwicGFyZW50Ijp7InBpZCI6MjA1OCwiYXJncyI6Ii91c3IvYmluL2RvY2tlcmQgLUggZmQ6Ly8gLS1jb250YWluZXJkPS9ydW4vY29udGFpbmVyZC9jb250YWluZXJkLnNvY2siLCJyZWNvcmRlcl91bmlxdWVfaWQiOiIxMTUyOTg2NDMyOTE1OTUxMDAyNiIsInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ2OjI0LjAwMFoiLCJwcGlkIjoxLCJ1c2VyIjoicm9vdFxccm9vdCIsImZpbGUiOnsiZnVsbHBhdGgiOiIvdXNyL2Jpbi9kb2NrZXJkIn0sIm5hbWUiOiIvdXNyL2Jpbi9kb2NrZXJkIiwicGFyZW50Ijp7InBpZCI6MSwiYXJncyI6Ii9zYmluL2luaXQiLCJyZWNvcmRlcl91bmlxdWVfaWQiOiIxMTUyOTI1NjY0MjgyNjczMTUyMSIsInN0YXJ0X3RpbWUiOiIyMDIzLTAxLTExVDA4OjQ0OjAyLjAwMFoiLCJ1c2VyIjoicm9vdFxccm9vdCIsImZpbGUiOnsibWQ1IjoiYWM4YjI3Y2U2NjQxY2JhNGVkMmM1ZTc2MmYwNDE5ODYiLCJmdWxscGF0aCI6Ii9saWIvc3lzdGVtZC9zeXN0ZW1kIn0sIm5hbWUiOiIvbGliL3N5c3RlbWQvc3lzdGVtZCJ9fX0sImNvbnRleHRzIjpbeyJmaWxlIjp7InVuaXF1ZUV2ZW50SWQiOiI0NjExNjg2MDE4NDc1ODU1NjcyIn0sImV2ZW50Ijp7InRpbWVzdGFtcE1zIjoiMTY3NDAzODIzODc4MCIsImZpbGVDcmVhdGUiOnsicGF0aCI6Ii92YXIvbGliL2RvY2tlci9vdmVybGF5Mi8yYmNmZmI3ZjBkNmEzZjM3YTYxOTljYTY5MTY0O
WVhNDkzNThhMmMyZTg3ZjM5MjAyNTYyZTUwZWI1Y2QyODA1L2RpZmYvZXRjL2hvc3RzIn19fV19fQ==\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"\",\"User Id\":\"1\",\"User Name\":\"Tanium\"}", "type": [ "info" @@ -6410,9 +6354,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06h5ty", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06h5ty\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:23:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -6681,9 +6623,7 @@ "host" ], "id": "00000000-0000-0000-5370-4a274d06f4ec", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-2\",\"Event Id\":\"00000000-0000-0000-5370-4a274d06f4ec\",\"Event Name\":\"detect.unmatch\",\"Other Parameters\":\"name=Windows Remote Access Dialer Proxy Execution|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"xyz\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -6744,9 +6684,7 @@ "host" ], "id": "e7797e37-5e06-4b52-9c6d-9f7d81fd7fc4", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.142\",\"Computer Name\":\"\",\"Event Id\":\"e7797e37-5e06-4b52-9c6d-9f7d81fd7fc4\",\"Event Name\":\"detect.service.intel.modified\",\"Other Parameters\":\"name=Netsh WLAN Discovery|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-02-01T00:35:37.936Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" 
@@ -6806,9 +6744,7 @@ "host" ], "id": "2fd3503a-c432-4890-8a9e-9cb22ee3ce66", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.142\",\"Computer Name\":\"\",\"Event Id\":\"2fd3503a-c432-4890-8a9e-9cb22ee3ce66\",\"Event Name\":\"detect.service.intel.modified\",\"Other Parameters\":\"name=Netsh WLAN Discovery|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:33.445Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" @@ -6868,9 +6804,7 @@ "host" ], "id": "2a7f8213-6413-49a4-9215-ced455426f59", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.142\",\"Computer Name\":\"\",\"Event Id\":\"2a7f8213-6413-49a4-9215-ced455426f59\",\"Event Name\":\"detect.service.intel.created\",\"Other Parameters\":\"name=InfDefaultInstall Proxy Execution|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:33.060Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" @@ -6930,9 +6864,7 @@ "host" ], "id": "5e5dff7a-abd2-40d8-9037-ddbc9b4b777b", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.142\",\"Computer Name\":\"\",\"Event Id\":\"5e5dff7a-abd2-40d8-9037-ddbc9b4b777b\",\"Event Name\":\"detect.service.intel.modified\",\"Other Parameters\":\"name=WDigest Key Modification|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:34.657Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" 
@@ -6992,9 +6924,7 @@ "host" ], "id": "a36142a3-d002-41ba-89a1-5e0b5407812c", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.142\",\"Computer Name\":\"\",\"Event Id\":\"a36142a3-d002-41ba-89a1-5e0b5407812c\",\"Event Name\":\"detect.service.intel.created\",\"Other Parameters\":\"name=Shim Database Persistence Custom|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:34.285Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" @@ -7054,9 +6984,7 @@ "host" ], "id": "ef39b453-64aa-4ee4-b01f-4f853972260e", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.144\",\"Computer Name\":\"\",\"Event Id\":\"ef39b453-64aa-4ee4-b01f-4f853972260e\",\"Event Name\":\"detect.service.intel.modified\",\"Other Parameters\":\"name=Reg Security Access|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:33.975Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" @@ -7116,9 +7044,7 @@ "host" ], "id": "66948051-49a7-412c-b7fa-e82157d6d2ca", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.144\",\"Computer Name\":\"\",\"Event Id\":\"66948051-49a7-412c-b7fa-e82157d6d2ca\",\"Event Name\":\"detect.service.intel.modified\",\"Other Parameters\":\"name=Reg SAM Access|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:33.958Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" 
@@ -7178,9 +7104,7 @@ "host" ], "id": "c01461fa-6189-4796-b160-7532bb2c4e8d", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.144\",\"Computer Name\":\"\",\"Event Id\":\"c01461fa-6189-4796-b160-7532bb2c4e8d\",\"Event Name\":\"detect.service.intel.created\",\"Other Parameters\":\"name=Presentationhost Proxy Execution|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:33.759Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" @@ -7240,9 +7164,7 @@ "host" ], "id": "fa51d9e6-3bb7-460d-a4c7-5264c571288d", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.144\",\"Computer Name\":\"\",\"Event Id\":\"fa51d9e6-3bb7-460d-a4c7-5264c571288d\",\"Event Name\":\"detect.service.intel.created\",\"Other Parameters\":\"name=Pcwrun Proxy Execution|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:33.570Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" @@ -7302,9 +7224,7 @@ "host" ], "id": "f826c1ca-2914-4990-ab39-b1d4f5595eca", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.144\",\"Computer Name\":\"\",\"Event Id\":\"f826c1ca-2914-4990-ab39-b1d4f5595eca\",\"Event Name\":\"detect.service.intel.created\",\"Other Parameters\":\"name=Windows Remote Access Dialer Proxy Execution|source=Tanium Signals|type=tanium-signal 1.0\",\"Priority\":\"low\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-31T23:35:34.812Z\",\"User Domain\":\"\",\"User Id\":1,\"User Name\":\"tanium\"}", "type": [ "info" 
@@ -7364,9 +7284,7 @@ "host" ], "id": "00000000-0000-0000-5359-4a274d06f4eb", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5359-4a274d06f4eb\",\"Event Name\":\"detect.match\",\"Other Parameters\":\"payload=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\",\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" @@ -7629,9 +7547,7 @@ "host" ], "id": "5371", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"id\":5371,\"table\":\"OnDemandScan\",\"rowId\":1000012,\"revision\":null,\"state\":{\"actionExpiration\":\"2024-11-19T15:01:28.000Z\",\"actionIdUnix\":52830,\"actionIdWindows\":52829,\"updatedAt\":\"2024-11-19T14:51:28.966Z\",\"id\":1000012,\"computerGroupId\":15765,\"userId\":1,\"createdAt\":\"2024-11-19T14:51:23.654Z\"},\"userId\":1,\"userName\":\"tanium\",\"action\":\"update\",\"createdAt\":\"2024-11-19T14:51:28.968Z\",\"updatedAt\":\"2024-11-19T14:51:28.968Z\",\"personaId\":null}", "type": [ "info" @@ -7686,9 +7602,7 @@ "host" ], "id": "5372", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"id\":5372,\"table\":\"IntelDoc\",\"rowId\":null,\"revision\":null,\"state\":{\"config_id\":null,\"config_rev_id\":null,\"intel_id\":59,\"service_id\":\"55f779d1-59e1-4df0-b49a-9427ad654aa6\",\"computerName\":\"somehostname.network.corp.example.com\",\"computerIpAddress\":\"216.160.83.60\",\"legacyType\":\"detect.endpoint.match.throttled\"},\"userId\":6,\"userName\":\"Threat Response\",\"action\":\"throttle\",\"createdAt\":\"2024-11-19T14:56:14.646Z\",\"updatedAt\":\"2024-11-19T14:56:14.646Z\",\"personaId\":null}", "type": [ "info" 
@@ -7739,9 +7653,7 @@ "host" ], "id": "00000000-0000-0000-5359-4a274d06f4eb", - "kind": [ - "event" - ], + "kind": "event", "original": "{\"Computer IP\":\"81.2.69.192\",\"Computer Name\":\"worker-1\",\"Event Id\":\"00000000-0000-0000-5359-4a274d06f4eb\",\"Event Name\":\"detect.match\",\"Match Details\":{\"intel_id\":135,\"config_id\":3,\"config_rev_id\":1,\"finding\":{\"whats\":[{\"intel_intra_ids\":[{\"id\":850394582},{\"id\":983962193},{\"id\":2667062006},{\"id\":3398416878},{\"id\":3999014465}],\"source_name\":\"recorder\",\"artifact_activity\":{\"relevant_actions\":[{\"verb\":6,\"target\":{\"file\":{\"path\":\"/var/lib/docker/overlay2/2bcffb7f0d6a3f37a6199ca691649ea49358a2c2e87f39202562e50eb5cd2805/diff/etc/hosts\",\"hash\":{\"md5\":\"4d1f1257b846bda82d0338fb541e7301\",\"sha1\":\"043eb324a653456caa1a73e2e2d49f77792bb0c5\",\"sha256\":\"e3998dbe02b51dada33de87ae43d18a93ab6915b9e34f5a751bf2b9b25a55492\"},\"size_bytes\":\"79\",\"modification_time\":\"2022-09-11T20:08:26.000Z\",\"instance_hash_salt\":\"3014767\",\"magic_number_hex\":\"3132372e\"},\"instance_hash\":\"9667017345150968342\",\"artifact_hash\":\"105380045610624906\"},\"timestamp\":\"2023-01-18T10:37:18.000Z\",\"tanium_recorder_event_table_id\":\"4611686018475855672\",\"tanium_recorder_context\":{\"file\":{\"unique_event_id\":\"4611686018475855672\"},\"event\":{\"timestamp_ms\":\"1674038238780\",\"file_create\":{\"path\":\"/var/lib/docker/overlay2/2bcffb7f0d6a3f37a6199ca691649ea49358a2c2e87f39202562e50eb5cd2805/diff/etc/hosts\"}}}}],\"acting_artifact\":{\"process\":{\"handles\":[],\"pid\":43181,\"arguments\":\"docker-untar / 
/var/lib/docker/overlay2/2bcffb7f0d6a3f37a6199ca691649ea49358a2c2e87f39202562e50eb5cd2805/diff\",\"file\":{\"file\":{\"path\":\"/proc/self/exe\"},\"instance_hash\":\"13164683008308733236\",\"artifact_hash\":\"13164683008308733236\"},\"user\":{\"user\":{\"name\":\"root\",\"domain\":\"root\",\"user_id\":\"0\",\"group_id\":\"0\"}},\"parent\":{\"process\":{\"handles\":[],\"pid\":2058,\"arguments\":\"/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock\",\"file\":{\"file\":{\"path\":\"/usr/bin/dockerd\"},\"instance_hash\":\"16788126017090571291\",\"artifact_hash\":\"16788126017090571291\"},\"user\":{\"user\":{\"name\":\"root\",\"domain\":\"root\",\"user_id\":\"6018826305876723269\"}},\"parent\":{\"process\":{\"handles\":[],\"pid\":1,\"arguments\":\"/sbin/init\",\"file\":{\"file\":{\"path\":\"/lib/systemd/systemd\",\"hash\":{\"md5\":\"ac8b27ce6641cba4ed2c5e762f041986\"}},\"instance_hash\":\"13187766456007072019\",\"artifact_hash\":\"13187766456007072019\"},\"user\":{\"user\":{\"name\":\"root\",\"domain\":\"root\",\"user_id\":\"6018826305876723269\"}},\"start_time\":\"2023-01-11T08:44:02.000Z\",\"tanium_unique_id\":\"11529256642826731521\"},\"instance_hash\":\"319696485285188539\",\"artifact_hash\":\"4714900194180531836\"},\"start_time\":\"2023-01-11T08:46:24.000Z\",\"tanium_unique_id\":\"11529864329159510026\"},\"instance_hash\":\"17132176296926170068\",\"artifact_hash\":\"11715552950861057177\"},\"start_time\":\"2023-01-18T10:37:18.000Z\",\"tanium_unique_id\":\"14156042576993495213\"},\"instance_hash\":\"11886381663294803086\",\"artifact_hash\":\"4001450517794370320\",\"is_intel_target\":true}}}],\"domain\":\"threatresponse\",\"intel_id\":\"135:1:7b89ac35-3e93-40fc-b142-b19994f28430\",\"hunt_id\":\"3\",\"threat_id\":\"850394582,983962193,2667062006,3398416878,3999014465\",\"source_name\":\"recorder\",\"system_info\":{\"os\":\"\\\"Ubuntu 18.04.6 
LTS\\\"\",\"bits\":64,\"platform\":\"Linux\"},\"first_seen\":\"2023-01-18T10:37:36.000Z\",\"last_seen\":\"2023-01-18T10:37:36.000Z\",\"finding_id\":\"6005913110731748587\",\"reporting_id\":\"reporting-id-placeholder\"},\"match\":{\"version\":1,\"type\":\"process\",\"source\":\"recorder\",\"hash\":\"4001450517794370320\",\"properties\":{\"pid\":43181,\"args\":\"docker-untar / /var/lib/docker/overlay2/2bcffb7f0d6a3f37a6199ca691649ea49358a2c2e87f39202562e50eb5cd2805/diff\",\"recorder_unique_id\":\"14156042576993495213\",\"start_time\":\"2023-01-18T10:37:18.000Z\",\"ppid\":2058,\"user\":\"root\\\\root\",\"file\":{\"fullpath\":\"/proc/self/exe\"},\"name\":\"/proc/self/exe\",\"parent\":{\"pid\":2058,\"args\":\"/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock\",\"recorder_unique_id\":\"11529864329159510026\",\"start_time\":\"2023-01-11T08:46:24.000Z\",\"ppid\":1,\"user\":\"root\\\\root\",\"file\":{\"fullpath\":\"/usr/bin/dockerd\"},\"name\":\"/usr/bin/dockerd\",\"parent\":{\"pid\":1,\"args\":\"/sbin/init\",\"recorder_unique_id\":\"11529256642826731521\",\"start_time\":\"2023-01-11T08:44:02.000Z\",\"user\":\"root\\\\root\",\"file\":{\"md5\":\"ac8b27ce6641cba4ed2c5e762f041986\",\"fullpath\":\"/lib/systemd/systemd\"},\"name\":\"/lib/systemd/systemd\"}}},\"contexts\":[{\"file\":{\"uniqueEventId\":\"4611686018475855672\"},\"event\":{\"timestampMs\":\"1674038238780\",\"fileCreate\":{\"path\":\"/var/lib/docker/overlay2/2bcffb7f0d6a3f37a6199ca691649ea49358a2c2e87f39202562e50eb5cd2805/diff/etc/hosts\"}}}]}},\"Priority\":\"high\",\"Severity\":\"info\",\"Timestamp\":\"2023-01-18T10:37:36.000Z\",\"User Domain\":\"\",\"User Id\":\"\",\"User Name\":\"\"}", "type": [ "info" diff --git a/packages/tanium/data_stream/threat_response/_dev/test/system/test-http-endpoint-config.yml b/packages/tanium/data_stream/threat_response/_dev/test/system/test-http-endpoint-config.yml index 78909ee7bb2..7db6416354e 100644 
--- a/packages/tanium/data_stream/threat_response/_dev/test/system/test-http-endpoint-config.yml +++ b/packages/tanium/data_stream/threat_response/_dev/test/system/test-http-endpoint-config.yml @@ -10,6 +10,7 @@ data_stream: preserve_duplicate_custom_fields: true numeric_keyword_fields: - tanium.threat_response.id + - tanium.threat_response.intel_id - tanium.threat_response.match_details.config_id - tanium.threat_response.match_details.config_rev_id - tanium.threat_response.match_details.finding.whats.intel_intra_ids.id diff --git a/packages/tanium/data_stream/threat_response/_dev/test/system/test-tcp-config.yml b/packages/tanium/data_stream/threat_response/_dev/test/system/test-tcp-config.yml index 3da4805cfe6..50ebb3e5c91 100644 --- a/packages/tanium/data_stream/threat_response/_dev/test/system/test-tcp-config.yml +++ b/packages/tanium/data_stream/threat_response/_dev/test/system/test-tcp-config.yml @@ -10,6 +10,7 @@ data_stream: preserve_duplicate_custom_fields: true numeric_keyword_fields: - tanium.threat_response.id + - tanium.threat_response.intel_id - tanium.threat_response.match_details.config_id - tanium.threat_response.match_details.config_rev_id - tanium.threat_response.match_details.finding.whats.intel_intra_ids.id diff --git a/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml b/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml index 4a21455e043..0b13715e1de 100644 --- a/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tanium/data_stream/threat_response/elasticsearch/ingest_pipeline/default.yml @@ -5,11 +5,10 @@ processors: tag: set_ecs_version field: ecs.version value: '8.11.0' - - append: - tag: append_event_kind + - set: + tag: set_event_kind_default field: event.kind value: event - allow_duplicates: false - set: tag: set_event_category field: event.category 
@@ -33,6 +32,46 @@ processors: field: error.message value: '{{{_ingest.on_failure_message}}}' allow_duplicates: false + - rename: + tag: rename_json_alert_id + field: json.Alert Id + target_field: tanium.threat_response.alert_id + ignore_missing: true + - set: + tag: set_event_kind_alert + field: event.kind + value: alert + if: ctx.tanium?.threat_response?.alert_id != null && ctx.tanium.threat_response.alert_id != '' + - rename: + tag: rename_json_intel_id + field: json.Intel Id + target_field: tanium.threat_response.intel_id + ignore_missing: true + - rename: + tag: rename_json_intel_type + field: json.Intel Type + target_field: tanium.threat_response.intel_type + ignore_missing: true + - rename: + tag: rename_json_intel_name + field: json.Intel Name + target_field: tanium.threat_response.intel_name + ignore_missing: true + - rename: + tag: rename_json_intel_labels + field: json.Intel Labels + target_field: tanium.threat_response.intel_labels + ignore_missing: true + - rename: + tag: rename_json_impact_score + field: json.Impact Score + target_field: tanium.threat_response.impact_score + ignore_missing: true + - rename: + tag: rename_json_link + field: json.Link + target_field: tanium.threat_response.link + ignore_missing: true - date: tag: date_json_updatedat field: json.updatedAt diff --git a/packages/tanium/data_stream/threat_response/fields/fields.yml b/packages/tanium/data_stream/threat_response/fields/fields.yml index 5fc0e9ba9fa..d7e359490e7 100644 --- a/packages/tanium/data_stream/threat_response/fields/fields.yml +++ b/packages/tanium/data_stream/threat_response/fields/fields.yml @@ -4,6 +4,9 @@ - name: action type: keyword description: Action for the threat response. + - name: alert_id + type: keyword + description: Alert ID - name: computer type: group fields: 
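Review bot: The `set_event_kind_alert` condition keys only on `Alert Id`, so a legacy-format `detect.match` event — the last fixture in the expected JSON still carries `Match Details` with a full finding and keeps `"kind": "event"` — is classified differently from the same detection arriving in the new `threat_response` format; if that is not intended, consider also testing the event name, e.g. `if: (ctx.tanium?.threat_response?.alert_id != null && ctx.tanium.threat_response.alert_id != '') || ctx.json?.get('Event Name') == 'detect.match'`, provided `json.Event Name` has not already been renamed at that point (the rename ordering is outside this hunk). The `!= ''` guard is right for this source, since the fixtures show Tanium sending empty strings for absent values (`"User Id":""`), but the new `rename` processors pass such empty strings straight through into `intel_id`, `intel_type`, `intel_name`, `impact_score` and `link` unless a remove-empty step exists later in the pipeline — worth confirming, as `""` in a keyword field pollutes aggregations. Since `Link` appears to point back at the source system, copying it into ECS `event.url` (`- set: {field: event.url, copy_from: tanium.threat_response.link, ignore_empty_value: true}`) would let ECS-aware rules and dashboards pivot to the Tanium console without knowing the vendor field.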
@@ -28,18 +31,21 @@ - name: id type: keyword description: Threat response id. - - name: other_parameters - type: group - fields: - - name: name - type: keyword - description: Name of threat. - - name: source - type: keyword - description: Source of threat. - - name: type - type: keyword - description: Type of threat. + - name: impact_score + type: integer + description: Impact score + - name: intel_id + type: keyword + description: Intelligence ID + - name: intel_name + type: keyword + description: Intelligence name + - name: intel_type + type: keyword + description: Intelligence type + - name: link + type: keyword + description: Link - name: match_details type: group fields: @@ -921,6 +927,18 @@ - name: user_id type: integer description: User ID. + - name: other_parameters + type: group + fields: + - name: name + type: keyword + description: Name of threat. + - name: source + type: keyword + description: Source of threat. + - name: type + type: keyword + description: Type of threat. - name: table type: keyword description: Table for the threat response. diff --git a/packages/tanium/docs/README.md b/packages/tanium/docs/README.md index d3286034fc7..b5a499024d1 100644 --- a/packages/tanium/docs/README.md +++ b/packages/tanium/docs/README.md 
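Review bot: The new field descriptions in the `@@ -28,18 +31,21 @@` hunk are single words (`Alert ID`, `Link`, `Impact score`, `Intelligence ID`) while neighbouring fields describe their content (`Threat response id.`), and the README table copies them verbatim, so readers learn nothing beyond the field name. Suggest for `alert_id` something like `description: Identifier of the Threat Response alert; when present, event.kind is set to alert.`, and for `link` `description: Link to the event in the Tanium console.` if that is what the field carries — the hunk does not show the source payload, so confirm before wording it. `impact_score` is typed `integer`; if Tanium can emit a decimal or an empty string here, the document would be rejected or silently lose the value unless the mapping is `float` or carries `ignore_malformed`, so check it against the new-default fixture.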
@@ -956,12 +956,18 @@ An example event for `threat_response` looks as following: | log.offset | Log offset. | long | | log.source.address | Source address from which the log event was read / sent from. | keyword | | tanium.threat_response.action | Action for the threat response. | keyword | +| tanium.threat_response.alert_id | Alert ID | keyword | | tanium.threat_response.computer.ip | Computer ip of the threat response. | ip | | tanium.threat_response.computer.name | Computer name of the threat response. | keyword | | tanium.threat_response.created_at | Create time for the threat response. | date | | tanium.threat_response.event.id | Event id of the threat response.. | keyword | | tanium.threat_response.event.name | Event name of the threat response. | keyword | | tanium.threat_response.id | Threat response id. | keyword | +| tanium.threat_response.impact_score | Impact score | integer | +| tanium.threat_response.intel_id | Intelligence ID | keyword | +| tanium.threat_response.intel_name | Intelligence name | keyword | +| tanium.threat_response.intel_type | Intelligence type | keyword | +| tanium.threat_response.link | Link | keyword | | tanium.threat_response.match_details.config_id | Config id. | keyword | | tanium.threat_response.match_details.config_rev_id | Config rev.iD. | keyword | | tanium.threat_response.match_details.finding.domain | Finding domain. | keyword | diff --git a/packages/tanium/manifest.yml b/packages/tanium/manifest.yml index d69eb7c532e..70d0615e409 100644 --- a/packages/tanium/manifest.yml +++ b/packages/tanium/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.3" name: tanium title: Tanium -version: "1.11.0" +version: "1.12.0" description: This Elastic integration collects logs from Tanium with Elastic Agent. type: integration categories: